The webcam is a cherished tool of digital extortionists. With the help of a remote access trojan (RAT) like BlackShades or Dark Comet, a bad actor can “slave” a user’s computer, assume control over their webcam, record the unknowing individual, and leverage that footage to get what they want from their victim. Those demands could consist of money, login credentials, or in cases like what happened to former Miss Teen USA Cassidy Wolf, video footage of the victim performing sexually explicit acts.

Sextortion is an evolving threat in the online space. Each perpetrator relies on different tools and techniques to victimize unsuspecting users. As such, each case of sextortion is different. Some instances are entirely malware-based, whereas others exploit users’ sensibilities with the help of social engineering techniques.

Here’s the story of one attack that pivoted on a Skype scam.

“You Have One Week to Send Me 5,000 Euros…”

One day, Samir, (Not his real name.) a young Palestinian man living abroad, receives a friend request from a girl on Facebook. She is 23 and says she is living with her older sister in Sidon, Lebanon. She sends a message to Samir. As quoted by BBC News:

“Hi, how are you? I saw your profile and I liked you.”

The two connect on Skype. During their chat, the two have their webcams turned on but only talk via chat. The girl reveals she is sexually attracted to Samir. Samir is aroused. She then begins performing sexual acts on herself and asks if he would reciprocate. He does.

At the end of their conversation, the girl asks Samir what he does. He says he works in marketing in Milan. She’s impressed:

“Oh, so you must be rich!”

Shortly after the girl logs off of Skype, Samir receives a message from a man on Facebook. It reads:

“Listen, I’m a man, and I recorded a video of you [during your chat with the girl]…. I have a list of your friends and family from Facebook – your mum, your sister, your cousins. You have one week to send me 5,000 euros (£4,450), or I’ll send them the video.”

Samir doesn’t have that kind of money, and even then, he’s not sure paying the ransom would stop the attacker from demanding more money in the future. He also thinks the video would likely go to his loved ones’ junk mail and that they wouldn’t click on a link from a suspicious sender anyway. So he decides to do nothing.

One week later, the man reaches out to Samir and says he’s about to upload the video onto YouTube. Samir says he can go ahead.

The video goes up, and Samir gets to work:

“I keep reporting the video. Each time I’m watching the number of views to see if anyone else has viewed it. After about an hour YouTube takes the video down.

“From what I can tell, all the views were mine, except for one. That could have been him viewing it after he uploaded it, or one of my relatives. I’ll never know for sure, but I’ve never heard from anyone. Maybe a male relative saw it and never told anyone.”

Samir has not heard from the man since, though once in a while, he checks to see if the video is back up on YouTube.

Inside the Mind of a Webcam Scammer

Let’s break down what happened to Samir with the help of a young scammer named Omar. (Not his real name, either.)

Fraudsters like Omar lurk on Facebook in search of victims. When they find a target, they connect with them via video call on Skype or Facebook. They then use a pre-recorded video of a girl downloaded from a pornographic website to trick the user into thinking they’re talking with someone in real time.

The scammers go to every length to make the chat session appear legitimate. As BBC News journalist Reda el Mawy explains:

“They are so familiar with this video that they are able to chat-message their victims at exactly the points where the girl appears to be typing on the keyboard.”

Omar says the entire scam takes about one hour and consists of three 20-minute segments: chatting, filming the video, and threatening the user.

To get a victim to pay, the scammer explains it’s all about knowing where they’re coming from and abusing that information:

“The weak point of Arabs is sex. So you look for their weaknesses, and you exploit them. The other weakness is when they are married, for example. You can exploit that. Then there are the really religious guys. You see someone who looks like a sheikh, carrying the Koran, and you think, ‘There’s no way he’ll fall for this – but let’s try him anyway.’ And when you try, he falls for it.”

Those tools help Omar earn 500 USD a day from the scam.

How to Protect Against Sextortionists

Users can protect themselves against sextortionists like the one that targeted Samir by following some best practices for social networking sites. For instance, users should never post too much information about themselves on Twitter or Facebook, as fraudsters could abuse that information to steal their identity. They should also be careful about whom they connect with on social media. As a general rule of thumb, they should connect only with people whom they’ve met in real life.

It’s important that organizations impart those lessons to their workforce. Doing so will empower employees to help protect a company’s data and reputation.

Even so, that’s just the beginning of what enterprises should be doing to protect themselves against digital extortion. For more tips on how to defend against ransomware and other extortion-based threats, please click here.